Security
This section provides an understanding of GigaSpaces Security features, where they fit in the GigaSpaces architecture, which components can be secured, and how to configure and customize security according to your application's security requirements. XAP Security provides comprehensive support for securing your data, services, or both. GigaSpaces provides a set of authorities that grant privileged access to data and permission to perform operations on services.
Some security features are part of the open source edition, while others are only available with the commercial (licensed) editions.
Dependencies
To use this feature, include the ${XAP_HOME}/lib/optional/security/xap-security.jar file on your classpath, or use the Maven dependency:
<dependency>
    <groupId>com.gigaspaces</groupId>
    <artifactId>xap-security</artifactId>
    <version>12.2.1</version>
</dependency>
For more information on dependencies, refer to Maven Artifacts.
Main Security Features
The features listed below are available with the open-source editions of GigaSpaces products.
Authority and Roles
- Data access privileges
- Operation privileges
- Monitoring privileges
- System administration privileges
Data-Grid operations Auditing
SSL Transport Layer security
Extensions
The features listed below are available with the commercial licensed editions of GigaSpaces products.
Spring Based Security support
- LDAP Authenticating
- Database Authenticating
Administration tools
- User interfaces: gs-ui, web-ui, gs CLI
- Admin API
Layers of Security
XAP security can be applied in three separate layers:
- Data layer - Includes Spaces and Processing Units.
- Grid layer - Includes grid components (GSA, GSM, GSC, XAP Manager + REST Manager API).
- Transport layer - Provides a generic network filter with SSL support.
You can secure any of these, or all of them for maximum security.
Configuring Security
Security is configured via a property file that includes required and custom properties. For more information, refer to the following parts of the Security section in this Administration guide:
- Space and Processing Unit configuration options
- Grid components configuration options
Enabling Security
Security can be enabled separately for the data layer and the grid layer.
- The data layer has options to declare a secured Space or Processing Unit.
- The grid layer has options to declare the Grid as secured.
Security Implementations for Licensed GigaSpaces Products
The Open Source editions do not include a security implementation. A reference implementation is provided instead.
When no property file is configured, there is a fallback implementation mainly used for testing or to get you started. This implementation stores the user credentials in a local file and can be used to demonstrate that security has been applied.
Refer to the following sections for more information about XAP security implementation:
- To read more about the XAP file-based configuration options, refer to Default File-Based Security.
- To write your own implementation, refer to Reference Implementation, which uses MongoDB.
- For other custom security implementations, refer to Custom Security. One such custom security implementation is the Spring Security Bridge.
Hello World Example
The Hello World example provides a step-by-step guide to deploying a Processing Unit with a secured Space, accessing it from a remote proxy, and declaring principals using the administration tools.
Spring Security
Spring Security is one of the most mature and widely used Spring projects. GigaSpaces provides a Spring-based security bridge that enables an extensible implementation for various authentication sources. One such source is LDAP (Lightweight Directory Access Protocol).
For more information, refer to Spring Security Bridge.